[Bug 225292] Merge Review: audit
bugzilla at redhat.com
bugzilla at redhat.com
Wed Jan 16 04:17:57 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Merge Review: audit
https://bugzilla.redhat.com/show_bug.cgi?id=225292
------- Additional Comments From kevin at tummy.com 2008-01-15 23:17 EST -------
>BTW, I use essentially the same spec file for upstream, RHEL, and Fedora. I
>don't like making changes for one that affects another since the audit system is
>under heavy development. If it were an older stable package, I wouldn't care so
>much.
Totally understood.
>#1 fixed,
Thanks. Looks good.
>#2 fixed but I like the shorter version better...why else have an url?
The Source url can be very different from the URL field.
Tools like spectool -g and so forth look for the Source at a absolute
URL. So, it's best to specify the entire thing.
>#3 its a reminder to get it working at some point - added a comment,
ok, sounds good.
>#4 sometimes people like to make a utility that runs early or from busybox. I'd
>rather delete it in a few more weeks.
ok. Possibly you could split them out into a -static subpackage?
>#5 it already was that way,
Doese't seem to be. It's not a big deal, but doing the
%postun libs -p /sbin/ldconfig
means it just calls ldconfig, where if it's not using the -p it will
spawn a shell and pass the contents (ldconfig) to it. Just a fork of a bash
different I guess.
>#6 will look into it another day, patches are welcome,
Ok. Will attach a patch here.
>#7 that was put there because it was required.
> There was a bz opened that this was the fix for so I can't get rid of it,
Odd. Do you know the bug number?
The guidelines forbid this now:
http://fedoraproject.org/wiki/Packaging/Guidelines?highlight=(prereq)#head-c81b037a3a0d08f98eb9cb50594f5de73d1e461d
>#8 a) af_unix must be that way due to a mistake that must be overwritten.
>I'll change that another time.
ok. Might also make a note in the spec about it in case someone wonders.
> b) coreutils has to be there.
coreutils is in the base buildroot, and will always be there.
See: http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions
> c) I don't know a better way to do this patches welcome
> please test on x86_64, though.
Yeah, I guess the python bits are arch independent, but the package
is arch, so it complains. Nothing I can think of to do unless the python
audit bits split out into their own noarch package. ;(
> d) logrotate is the enemy of audit. Audit must do its own rotation for security
>purposes.
Hum. I guess that makes some sense.
> e) those upgrade commands are for audit 1.0.x systems.
Yeah, and we should keep supporting the last 3 releases for upgrades.
If audit1.0.x is newer than that, keep it.
> f) where is this done in the spec file? I don't see any
> symlinking of consolehelper. Then again, consolehelper had better
> be in /usr/bin and not some relative directory.
It's not in the spec, it's part of the 'make install', ie upstream.
/usr/libexec/system-config-audit-server -> /usr/bin/consolehelper
>audit-1.6.5-3 has the changes from this review in it. When you see if finish
>going through koji successfully, please feel free to look it over.
Excellent. Thanks for the quick response here...
Will attach a patch for items 5, 6, 7...
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list